uk normas watchful

8/13/2019 UK Normas Watchful

1/3

APPLICATION NOTE 1

www.watchfulsoftware.cowww.watchfulsoftware.cowww.watchfulsoftware.cowww.watchfulsoftware.com Copyright Watchful Software S.A. 2013 All Rights Reserved.

TheTheTheThe UKUKUKUK Government Protective Marking SystemGovernment Protective Marking SystemGovernment Protective Marking SystemGovernment Protective Marking System (GPMS)(GPMS)(GPMS)(GPMS)Government Departments and Agencies in the United Kingdom (UK) must abide by the Security

Poicy !rame"ork# issued by the $abinet %&&ice# and adopt poicies in accordance "ith the

Government Protective Marking System (GPMS)' The system# as the name impies# is a marking on a

document or piece o& in&ormation "hich identi&ies the con&identiaity reuirements o& the

in&ormation# and at the same time conveys those protective reuirements to a those "ho hande

it'

hat does it mean to appy the UK GPMS*

The UK GPMS is a security cassi&ication schema o& &ive security cassi&ications# indicating in

descending order the ikey impact resuting &rom compromise or oss o& in&ormation abeed as&oo"+

,' T%P S-$.-T

/' S-$.-T

0' $%1!2D-1T2A3

4' .-ST.2$T-D

5' P.%T-$T6Unmarked materia is considered 7uncassi&ied' The

term 7U1$3ASS2!2-D8 or 71%T P.%T-$T29-3:

MA.K-D8 is used to indicate that a protective marking

is not needed'

Access to sensitive in&ormation or assets

must ony be granted to those "ho have a

business need and the appropriate

personne security contro (;aseine

Personne Security Standard (;PSS) or

1ationa Security 9etting (1S9)'

This 7need to kno"8 principe is

&undamenta to the security o& a

protectivey marked Government assets

and casua access to protectivey marked

assets is never acceptabe'


2/3

APPLICATION NOTE 2


/) %&&ers too @tips= and contentconteBt a"are poicy rues "hich are automaticay appied to any

government in&ormation asset# heping to educate users about the sensitivity o& in&ormation C

ensuring adherence to poicy?

0) Appies -nterprise .ights Management to keep in&ormation sa&e &rom security breaches or

discosure# resuting &rom maicious "rongdoing or inadvertent misusage'

Abiding by Mandatory .euirements under the Security Poicy n'/ o& the UK GPMS#

.ightsAT$< enabes+

2n&ormation and others assets to be+

,' ceary and conspicuousy marked

according to their vaue?

/' protected in ine "ith GPMS

reuirements throughout their

i&ecyce &rom creation to

destruction to ensure a

proportionate eve o& protection?

0' reguary audited to check

compiance and ao" eBtraction o&

data in the event o& an incident?

Access to sensitive assets may be

restricted to+

,' adherence to a genuine @needEtoE

kno"= poicy?

/' an appropriate eve o& personne

security contro?

2mpementing and ensuring that+

,' the receiving party understands the

obigations and protects the assets

appropriatey?

/' the originator o& an asset is

responsibe &or appying the correct

marking?

0' appropriate identi&ication and

authentication contros are in pace

to manage the risk o& unauthoriFed

access?

4' a comprehensive audit o& user and admin accounts and actions are in pace?

5' appropriate poicies and procedures to support mobie and remote "orking are put in pace?

The transition to the ne" Government Security $assi&ications

The UK GPMS is being repaced "ith a ne" Government Security $assi&ications (GS$) poicy that

"i invove ony three eves o& cassi&ication &or in&ormation assets# these being+


3/3

APPLICATION NOTE 3


,' %!!2$2A3

/' S-$.-T

0' T%P S-$.-T#6 )ith an %!!2$2A3ES-1S2T29- marking being used "here stronger 7need to kno"8 en&orcement is re(uired at the o"est tier'

This simpi&ied threeEtier poicy schema "i make it easier and more costEe&&ective &or

uk normas watchful

Documents